Think of the following... Say you have an ID for a customer creatively named customerID, and let's say we are going to view their account info:

http://blah.com/accountInfo.cfm?customerID=2

On the SQL side you might have something like:

SELECT stuff FROM customers WHERE customerID = #url.customerID#

What if the visitor altered the URL to:

http://blah.com/accountInfo.cfm?customerID=2;DELETE FROM customers

The query has just become:

SELECT stuff FROM customers WHERE customerID = 2;DELETE FROM customers

Or say you have a login on a site and your SQL is:

SELECT * (yeah I know * is bad) FROM users WHERE username = '#form.username#' AND password = '#form.password#'

What if the person puts the following in the password input field?

value: 1' OR 1 = 1

Effectively they have just said:

SELECT * FROM users WHERE username = 'whatever' AND password = '1' OR 1 = 1

And they are now logged in as the first user. Those are a couple of simple methods.

~Dave

On 12/6/05, Chris Gomez <[EMAIL PROTECTED]> wrote:
>
> I remember reading somewhere that a knowledgeable hack could append a SQL
> statement to a cfm filename (example: index.cfm?Name='Drop Table') and
> cause it to drop a table. The fix for it was to use cfqueryparams to filter
> the data being submitted to the query. Sorry for the lack of info, but that's
> about all I remember. Does anyone know how this hack works?
>
> btw, I'm not trying to do this, just figure out how it works and how to
> prevent it.
>
> Thanks,
>
> Chris
> _______________________________________________
> List mailing list
> Reply to DFWCFUG: [email protected]
> Subscribe/Unsubscribe: http://lists1.safesecureweb.com/mailman/listinfo/list
> List Archive: http://lists1.safesecureweb.com/mailman/private/list
> DFWCFUG Sponsors: www.HostMySite.com www.teksystems.com/

--
~Dave Shuck
[EMAIL PROTECTED]
www.daveshuck.com
